“What is our cloud strategy?” – a question increasingly demanded of the CIO, as if expected to unroll a definitive roadmap across territory that is still evolving as fast as tidal saltmarsh. Blame it on the consumer cloud, where new services are constantly emerging and adapting in the face of on-going feedback from millions of users. Compared with the efficiency, immediacy, friendliness and clarity of favourites – such as eBay, Google, Skype and Amazon – business cloud services lag way behind.
Employees are enjoying a better online experience playing games, watching movies and shopping at home than they get at work. “Business Class” used to be the by-word for superior service – in today’s cloud it feels to younger employees more like travel by Freight, let alone Economy Class. Nor is it just a question of current staff blaming IT for all their woes: bright new graduates are increasingly opting for employment in companies with more advanced strategy in terms of social media and cloud services.
Nor can this demand for cloud strategy be dismissed as a passing fad. Sure, the cloud is currently high on the Gartner Hype Cycle, but there is no denying the importance to business of its basic promises of agile, scalable services and a shift from high CapEx to the more business-friendly OpEx financial model.
In addition to this business efficiency argument, there are two other growing pressures to migrate to the cloud. The first is the increasing role of the cloud in cementing supply chain and other stakeholder partnerships – your suppliers, your business partners and your customers all expect to see more automated processes connecting them in the cloud.
Then there is the growing expectation of big data mining and its competitive advantages. For a large multinational with millions of customers the computational burden would be at supercomputer levels – a massive investment in capital expenditure that would be far better bought and paid for as a service.
The Changing Role Of The CIO
IT still sees itself as largely responsible for building and maintaining an efficient enterprise communications infrastructure. In fact today’s CIO is increasingly playing the role of a portfolio manager.
Network and storage technology is becoming good enough to be taken for granted, like good plumbing. What really matters now is the mass of applications running on it and, in a multinational enterprise, the CIO could be responsible for a portfolio of several thousand applications and their variations.
We cannot simply grade these applications in terms of importance or criticality. There are certain functions – say employee expense reporting – that may be vital to the individual but make very little demand on the system in terms of latency and QoS, but others do require specific yet diverse standards of service.
Point of Sale services cannot be held up for more than a few seconds without causing queues, unhappy customers and an erosion of the company’s reputation for good service – they must get high priority. Although videoconferencing demands far higher levels of service in real time, it is relatively flexible in terms of scheduling, where one minute’s delay would seldom do much longterm damage.
When it comes to financial trading and machine-to-machine services, then we are no longer talking about seconds or minutes, but microsecond delays. Financial information that is minutely out of date could actually be dangerous in such systems – in this case it had better be lost than delayed.
Think in terms of portfolio management – providing so many applications and meeting such diverse demands – and cloud Software as a Service (SaaS) becomes hugely attractive. No more need to keep up with security patches, software updates, and consistent versions across the enterprise and other application lifecycle overheads: SaaS delivers shiny new, yet proven, applications on tap and you only pay for what you need.
So why does anyone still buy software? Why is SaaS from the public cloud still only responsible for around ten to fifteen per cent of all business applications? It has a lot to do with uncertainty about the security and reliability of cloud services.
Security In The Clouds
Uncertainty about the security and reliability of cloud computing has itself more to do with perception than underlying reality. Instinct tells us that data is safest when we don’t let it out of our sight, when we trust it to our own systems and not to some unknown servers in an unspecified location run by strangers.
It is a similar instinct to one that many airline passengers feel when, instead of sitting in a car with a clear view of the road ahead, they are seated with hundreds of others in a vast flying building manned by a pilot they cannot see and with no view of what lies ahead. Basically, this is a sound instinct, because humans were evolved to move on land and not fly above the clouds at hundreds of miles per hour.
But for that very reason the entire multi-billion pound air travel industry depends upon proving that instinct wrong by making air travel as safe as possible using every technical and strategic means. Thus it is that we regularly hear statistics proving that flying is by far the safest means to travel long distance, and that the biggest danger to the air traveller lies in the journey to the airport, and not during the flight.
So it is with public cloud computing. Of course it is risky trusting data to strangers but, for that very reason, the multi-billion pound cloud industry uses every technical and strategic means to protect that data and deliver reliable service. Data may feel safer in one’s own private cloud, but it is highly unlikely that the private cloud will have the same levels of protection from cyber attack, the same levels of redundancy and the same quality of infrastructure as in a reputable public cloud service. Yes, public clouds do make tempting targets for hackers, just as planes make tempting targets for terrorists, but in both cases the levels of defence go way beyond what most private alternatives could afford.
As in the case of air travel, the greatest risk lies not within the cloud, but in the journey to it via the Internet. Quite apart from the risks of hacking and denial of service attacks when an enterprise uses public cloud services, there is the question of reliability in a non-deterministic Internet connection. Is it possible to do really serious business via teleconference when the Internet connection gets overloaded in mid-negotiation?
There is one very sound solution to this last problem, and that is to connect to the cloud not via public Internet but via a dedicated private, or virtual private line connection via Carrier Ethernet. We will return to this later, but first we must consider whether business cloud services really merit that connection.
Rebuilding ‘Business Class’ In The Cloud
Why is it that consumer cloud services are so far ahead of business offerings in terms of simplicity, functionality and sheer practicality?
It was suggested that this is because of the massive market for consumer services. Many of these services begin by costing nothing to the user, who soon numbers in the millions. The new service is an amazing innovation, so who cares if it is a little clunky when you are paying nothing for it? But with all that feedback plus such a massive test market the service evolves very fast in competition with other services, and a brilliant public service begins to emerge.
Business services, on the other hand, begin with hundreds, not millions, of customers who have to pay for what they get. The competition is still there, but not the massive trial and error potential of a free service that allows such dynamic evolution. So business services seem clumsy, unfriendly and poor performers compared with what an employee can enjoy at home or on their smartphone.
The difference is relative, not absolute. The biggest business cloud providers such as AWS or SalesForce do have thousands of business customers and they are getting the level of feedback that allows constant refinement. The gap begins to close between the best of business services and consumer offerings. But there is a danger that this could led to a fragmented cloud service for business, one where the enterprise becomes locked into a particular cloud service that may be very good but does not allow flexibility to choose and swap suppliers when needed.
This is not just about allowing customer mobility to ensure competition, there may also be critical reasons for wanting a service based in a local datacentre – bringing compute power close to reduce “data gravity and ensure low latency. It can also be necessary for conformance with data protection legislation, when that becomes more important than the very high level of service that is offered by some far distant datacentre.
So, business cloud services will surely evolve with time, but will they evolve in a manner that ultimately serves the business community?
A Business Class Cloud
As was suggested, the applications in the CIO’s portfolio have very diverse needs. Some are already sitting happily on the public Internet service, but others are too fussy to be trusted to existing services. Business needs levels along the lines of “Silver, Gold and Platinum Service” so it can pay for just the level needed for any application, and not be committed to top rates for the less critical work.
Basic problems remain with current cloud technology. These include the requirement for a dedicated network path: this may be due to legislation about where sensitive personal data is stored, or what routes it travels along, or it may be due to the need to predict latency for market trading, or simply to minimise it for optimal compute power.
A giant cloud provider may now offer the added reliability of fail-safe transfer to a second datacentre in case of problems, but what are the legal and operational implications of this transfer to the customer? Another issue is the time it takes to establish links between different WANs and providers in order to provide cloud service across regions and continents. Work is needed to standardise services so that business can swap providers as fast as market movements dictate.
Back To ‘Cloud Strategy’
Has this article helped the CIO formulate a reply to that demand for a “cloud strategy”? I would seriously suggest that any long term cloud strategy for a large potential cloud user, such as a multinational business, must include involvement in shaping the cloud to deliver the sort of service a business requires.
And the best way to get involved is by joining the co-operative cloud providers, carriers, NEMs and users that are already CEF members and are shaping tomorrow’s cloud while it is still in the formative stages.
Secondly I would repeat the message that the public cloud really is safe and reliable, and that the greatest risk of breakdown lies in the Internet connection to it – and that is best addressed by using a dedicated Ethernet connection for critical services.
Finally, I would recommend avoiding the public versus private cloud debate and think simply in terms of hybrid solutions. The argument for public cloud hinges largely on economy: the “pay as you go” costing that is so much better for business than massive capital outlay. However, if you look more closely at the figures, it can still be more cost-effective to build your own private cloud and run routine work internally.
The key word here is “routine”. If business was always in steady state, running a predictable workload, then there would be many advantages in sticking to a private cloud solution. The problem lies in the spikes and sudden demands – do you have to over-supply your resources in case of the occasional peak demand? The rule of thumb here is: “own the base and rent the spikes”.
In other words, the optimal solution could be a hybrid strategy that provides in house facilities to support most everyday business, plus a flexible contract with a public cloud provider that takes care of sudden peak demands. This is the way to really save money, not pitting CapEx versus OpeEx but balancing the two over the longer term. And is this not what strategy is all about?